CVSS: 6.2EPSS: 0%CPEs: 8EXPL: 2CVE-2021-4115 – polkit: file descriptor leak allows an unprivileged user to cause a crash
https://notcve.org/view.php?id=CVE-2021-4115
21 Feb 2022 — There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned Se presenta un fallo en polkit que puede permitir a un usuario no privilegiado causar un bloqueo de polkit, debido al agotamiento del descriptor de archivos del proceso. La mayor amenaza de esta vulnerabilida... • https://packetstorm.news/files/id/172849 • CWE-400: Uncontrolled Resource Consumption CWE-403: Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') •
CVSS: 7.8EPSS: 87%CPEs: 56EXPL: 170CVE-2021-4034 – Red Hat Polkit Out-of-Bounds Read and Write Vulnerability
https://notcve.org/view.php?id=CVE-2021-4034
26 Jan 2022 — A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfull... • https://packetstorm.news/files/id/166196 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 6%CPEs: 9EXPL: 35CVE-2021-3560 – Red Hat Polkit Incorrect Authorization Vulnerability
https://notcve.org/view.php?id=CVE-2021-3560
03 Jun 2021 — It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se ha detectado que polkit podía ser engañado para omitir las comprobaciones de credenciales para las peticiones de D-Bus, eleva... • https://packetstorm.news/files/id/172836 • CWE-754: Improper Check for Unusual or Exceptional Conditions CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-4161
https://notcve.org/view.php?id=CVE-2013-4161
31 Dec 2019 — gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issue. Se reportó que gksu-polkit-0.0.3-6.fc18 corrigió el problema en CVE-2012-5617, pero el parche fue aplicado inapropiadamente y no corrigió el problema de seguridad. • http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113182.html • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2012-5617
https://notcve.org/view.php?id=CVE-2012-5617
25 Nov 2019 — gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation gksu-polkit: el archivo de configuración de política PolicyKit permisivo permite una escalada de privilegios. • http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113182.html • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2011-0703
https://notcve.org/view.php?id=CVE-2011-0703
15 Nov 2019 — In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session. En gksu-polkit versiones anteriores a la versión 0.0.3, el archivo fuente de xauth puede contener comandos arbitrarios que pueden permitir a un atacante superar una sesión X11 de administrador. • https://access.redhat.com/security/cve/cve-2011-0703 • CWE-20: Improper Input Validation •
CVSS: 7.3EPSS: 0%CPEs: 17EXPL: 0CVE-2019-6133 – polkit: Temporary auth hijacking via PID reuse and non-atomic fork
https://notcve.org/view.php?id=CVE-2019-6133
11 Jan 2019 — In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c. En PolicyKit (también conocido como polkit) 0.115, el mecanismo de protección "start time" puede omitirse debido a que fork() no es atómico y, por lo tanto, las decisiones de autorización se cachean incorrectamente. Esto está relacionado co... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00049.html • CWE-284: Improper Access Control CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.0EPSS: 42%CPEs: 8EXPL: 5CVE-2018-19788 – polkit: Improper handling of user with uid > INT_MAX leading to authentication bypass
https://notcve.org/view.php?id=CVE-2018-19788
03 Dec 2018 — A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command. Se ha detectado un fallo en PolicyKit (también conocido como polkit) 0.115 que permite que un usuario con una uid mayor que INT_MAX ejecute con éxito cualquier comando systemctl. USN-3861-1 fixed a vulnerability in PolicyKit. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PolicyKit incorrectly handled certain large user... • https://github.com/AbsoZed/CVE-2018-19788 • CWE-20: Improper Input Validation CWE-287: Improper Authentication •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1116 – polkit: Improper authorization in polkit_backend_interactive_authority_check_authorization function in polkitd
https://notcve.org/view.php?id=CVE-2018-1116
10 Jul 2018 — A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure. Se ha descubierto un problema en versiones anteriores a la 0.116 de polkit. La implementación de la función polkit_backend_interactive_authority_check_authorization en polkitd permite probar la a... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1116 • CWE-285: Improper Authorization CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3218 – Ubuntu Security Notice USN-3717-1
https://notcve.org/view.php?id=CVE-2015-3218
26 Oct 2015 — The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path. La función authentication_agent_new en polkitbackend/polkitbackendinteractiveauthority.c en PolicyKit (también conocido como polkit) en versiones anteriores a 0.113 permite a usuarios locales provocar una denegació... • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html •